Participants in the JOSE working group have described use cases where a JSON top-level representation of digitally signed, HMAC’ed, or encrypted content is desirable. They have also described use cases where multiple digital signatures and/or HMACs need to applied to the same message and where the same plaintext needs to be encrypted to multiple recipients.
Responding to those use cases and working group input, I have created two new brief specifications:
- JSON Web Signature JSON Serialization (JWS-JS)
- JSON Web Encryption JSON Serialization (JWE-JS)
These use the same cryptographic operations as JWS and JWE, but serialize the results into a JSON objects, rather than a set of base64url encoded values separated by periods (as is done for JWS and JWE to produce compact, URL-safe representations).
These drafts are available at:
HTML-formatted versions are available at: